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Cilj predavanja 


+e Prikazati postupak pridruživanja 
Windows 10 klijenta u domenu Active 
Directory 


+€ Razlog: olakšavanje rada 

"= Pokazati prednosti pridruživanja: 
- Group Policy 
- Home direktoriji 
- Roaming profili 


(P srce 


Testna okolina 


+€ Microsoft Hyper-V 
e_ Microsoft Windows Server 2012 R2 


. Microsft Windows 10 Pro 64-bit 


+9 za u 
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Izrada testne okoline 


Instalacija Windows Servera 2012 R2 


Pridjeljivanje funkcionalnosti 
domenskog kontrolora 


Pridjeljivanje DHCP funkcionalnosti 
Izrada korisničkog domenskog računa 


Instalacija Windows 10 klijentskog 
računala 
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Instalacija Windows 
poslužitelja 
+ Instalacija Windows Server 2012 R2 
"= Podešavanje poslužitelja: 

- Ime 

- IP adresa 

- Subnet mask 

- Gateway 

- DNS poslužitelj 


(P srce 


Promocija Windows poslužitelja 
u Active Directory kontrolor 


€ Server Manager — Manage — Add Roles and Features 
— označiti "Active Directory Domain Services" 


DESTINATION SERVER 
DC.webinarJJocal 


Select one or more roles to install on the selected server. 


Roles Description 


= Active Directory Domain Services 
N pCeitifi | 
KUJE DEEcRe GEtEREME SEE | (AD DS) stores information about 


tive Directory Domain Services (lnstalled! objects on the network and makes 
Active Directory Federation Services this information available to users 
and network administrators. AD DS 
uses domain controllers to give 
network users access to permitted 


Active Directory Lightweight Directory Services 


Active Directory Rights Management Services 


Application Server | — resources anywhere on the network 
through a single logon process. 


Fax Server 


File and Storage Services (2 of 12 installed) 


Hyper-V 


Network Policy and Access Services 
Print and Document Services 


Remote Access 


Remote Desktop Services 


Cancel 


SrICE 


DHCP poslužitelj 


€ Server Manager — Manage — Add Roles and Features 
— označiti "DHCP Server" 


( Add Roles and Features Wizard == |SE|EX 


DESTINATION SERVER 


Select server roles DCwebinarJocal 


Select one or more roles to install on the selected server. 
Roles Add features that are reguired for DHCP Server? 


The following tools are reguired to manage this feature, but do not 
talled have to be installed on the same server. 


4 Remote Server Administration Tools 


4 Role Administration Tools 
(Tools) DHCP Server Tools 


Include management tools (if applicable) 


Add Features Cancel 


EVIOUS Next 2 Insta Cancel BPA result 
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Izrada domenskog korisnika 
1. dio 


Desni klik na izbornik Start - Control Panel - System and 
Security - Administrative Tools - "Active Directory Users 


and Computers". 
+ Izrada po jedinice (OU) imena "Korisnici" 


eo PGECI JLE Hm %tetvat 
e Di sers and Computers||_N. 
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Izrada domenskog korisnika 
2. dio 


= Desni klik na organizacijsku jedinicu "Korisnici" - New - User 


File Action View Help 
GDJE FFEEFETFTETEETTIZE 


IJ Active Directory Users and Computers | Name Type Description 
p Z) Saved Oueries 
4 fj webinar.local 

p S) Builtin 
Computers 
Domain Controllers 
ForeignSecurityPrincipals 
Managed Service Accounts 
Users 


There are no items to show in this view. 


U 


IE EK 2 Ii 


Delegate Control... 
Move... 
Find... 


New Computer 
All Tasks Contact 


View Group 
InetOrgPerson 


Cut 


Delete mslmaging-PSPs 


MSMO Oueue Alias 


Organizational Unit 


Rename 
Refresh 


Export List... Printer 


User 
Shared Folder 


Properties 


Help 


Create a new object... 
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Windows Server — osnovne 
omenske funkcionalnosti 


e AD, DNS, DHCP 
e Domenski korisnički račun 


a Active Directory Users and Computers 
File Action View Help 


eg sm {O XEd13 


File 
TE! 


Action 


View Help 


mm takva 


I Active Directory Users and Compu A || Name Type % DHCP || Client IP Address Name Lease Expira | Actions 

b IZ) Saved Oueries 82, RDP korisnici Security Group- {| a {| dc.webinar.local 189) 192.168.137.135 W1O0.webinar.local 31.1.2016. 1 di 

4 Ž webinar.local $ see User 4 ip |Pv4 td drestiži 
p I Builtin E|| £ srce? Ukie Scope (192.168.137.0) H| More .._b 
pb EZ) Computers Wi} Address Pool 


Domain Controllers 


p 
p I ForeignSecurityPrincipals 
Z) Korisnici 


A} Address Leases 
b IH) Reservations 
22, Scope Options 


Managed Service Accounts v||— U A) Policies 
£ " HK " T} Server Options 
IZ) Policies 
b | Filters 
Ha DNS Manager bih Po 


File Action View Help 
+eo| zrXxX0CG6B|HAr ido 


i, DNS 2)| Name Type 
ao | A _msdes 
4 (IZ) Forward Lookup Zone_—|| (|_sites 
p SI _msdes.webinare_—|| E)_tcp 
4) webinarlocal MA _udp 
b I _msdes 


=||| U DomainDnsZones 


pEI _ites 2) ForestDnsZones 


a Sa El (same as parent folder) Start of Authority (SOA) — (72), de.webinar.local., ho... static 
bije TER EH (same as parent folder) Name Server (NS) dc.webinar.local. static 
b ) DomainDnsZo || = 
- | H (same as parent folder) Host (A) 192.168.137.130 29.1,2016. 10:00:00 
b (I) ForestDnsZon, || £ 
| Blade Host (A) 192.168.137.130 static 
Kerim | Elwo 92.168.137.135 20.1,2016. 16:00:00 
|(Ewu Host (A) 192.168.137. ,1.2016. 16:00: 
p I Trust Points | = 
b_ZI Conditional Forwarde Y_|| ows Server 2012 R2 
£ m Jama: CI ; 
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Instalacija Windows 10 


e |nstalirati Windows 10 Pro 64-bit 


1 EZ; Control Panel + System and Security s System 


Control Panel Home 


View basic information about your computer 


Windows editon 


Windows 10 Pro 


jedn zanmenacgnnase = 8 Windows 10 


 Aovsnced system settings 
System 
Processor; Intel(R) Core(TM) i5-3360M CPU } 2.BOGHz 279 GHz 
installed memory (RAM); — 1,00 GB 
System type $4-bit Operating System, x64-based processor 
Pen and Touch: No Pen or Touch input is available for this Display 
Computer name, domsin, snd workgroup settings 
Computer name: WIO 
Full computer name WIO.webinar.local 


Computer description: 


Domain: wrebinar local 


Windows scbvation 


k Windows is not activated. Pead the Mi 


Security and Mamtenu Product 10: 00331+10000-00001-AA318 


Pridjeljivanje Windows 10 
klijenta domeni — Control Panel 


+ Desni klik na izbornik Start - Control Panel - System and Security — 
System — "Computer name, domain, and workgroup settings" — 


"Change settings" — "Computer Name" — "Change..." 
upišite ime domene — OK 


- 


$ El, Control Panel + System and Security + System 


Computer Nane Hardware Advanced System Protection Remote 


La Windows uses the following information to identify your computer 
onthe networ 


Computer description: 
Forexample: "Kitchen Computer" or "Mary's 
Computer". 

Full computer name: WIO 


Workgroup: WORKGROUP 


To use a wizard to join a domain or workgroup, dlick 
Network ID. i 


To rename this computer or change its domain or 
workgroup, click Change. u 


OK 


Security and Maintenance 


r 


ČINE UPERI ONI 


You can change the name and the membership of this 
computer, Changes might affect access to network resources. 


Computer name: 
|wio 


Full computer name: 


| wo 


Member of 
O Doman:— 
|webinarJocal 


OWorkgroup;: 


activated. Read the Microsoft Software Lic 


-————=——--31-10000-00001-AA318 


— "Domain" - 


Windows Security 
Computer Name/Domain Changes 


Enter the name and password of an account with permission to join the 
domain. 


| webinar.local\administrator ) 


Domzin: webinar.local 


Connect a smart card 


Pridjeljivanje Windows 10 
klijenta domeni — Settings 


e Lijevi klik na Start — Settings — System — About — 
Join a domain 


£ | Settings aaa Se. 
£O3 = SYSTEM Find a setting p 
Display 
PG 
Notifications 8; actions PC name WIO 
Apps 8: features Rename PC 
Multitasking Organization" WORKGROUP 
Tablet mode pejeua 
Power 8; sleep Join Azure AD 
Storede Edition Windows 10 Pro 
lome mane Product ID 00331-10000-00001-AA318 
Processor Intel(R) Core(TM) i5-3360M CPU E 2.BOGHz 2.79 GHz 
Defauit apps Installed RAM = 1,00 GB 


PADOM System type 64-bit operating system, x64-based processor 
Pen and touch No pen or touch input is available for this display 
Change product key or upgrade your edition of Windows 
Read the Privacy Statement for Windows and Microsoft services 


Read the Microsoft Services Agreement that applies to our services 


Read the Microsoft Software License Terms 
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Prijava u formi: ime _domene\korisničko_ime 


Other user 


webinar.local\Srce 


KRIT 


Sign in to: webinar.local 
How do I sign in to another domain? 


Type domain name\domain user name to 
sign in to another domain. 


Type W10\local user name to sign in to this 
PC only (not a domain). 
A Srce 


Sign-in options 
Other user 


Group Policy 


e€ Opis: domenska funkcionalnost koja 
omogućava podešavanje postavki 
lokalnog klijenta sa središnje lokacije na 
poslužitelju 


e Cilj: podesiti da domenski korisnik ima 
mogućnost spajanja Remote Desktop 
protokolom (RDP) na klijentsko računalo 
s udaljene lokacije 
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Group Policy — izrada politike 


+ Group Policy management konzola - Group Policy 
management - Forest: webinar.local — Domains - 
webinar.local - desni klik na OU "Racunala" - "Create a GPO 
in this domain, and Link it here..." 


View Window Help 


€es| (ml O XC d|H = 


Racunala 
Linked Group Policy Objects_ | Group Policy Inhertance | Delegation | 


Link Order GPO Enforced Link Enabled GPO Status 


Create a GPO in this domain, and Link it here... 


Link an Existing GPO... 

Block Inheritance 

Group Policy Update... 

Group Policy Modeling Wizard... 
New Organizational Unit 

View 


New Window from Here 
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Group Policy — RDP podešavanje 


Group Policy management editor: 


+ Computer Configuration — Policies - Administrative Templates — Windows Components — Remote 
Desktop Services — Remote Desktop Session Host — Connections. 


- Allow users to connect remotely using Remote Desktop Services — Enabled 


+ Computer Configuration — Policies — Administrative Templates — Network — Netvork Connections 
— Windows Firewall - Domain Profile - Windows Firewall 


- Allow inbound Remote Desktop exceptions - Enabled. 


+ Computer Configuration — Policies - Windows Settings - Security Settings -Local Policies - User 
Rights Assignment - Allow Log on through Remote Desktop Services. 


- Add Users or Group... 


Group Policy Management Editor -|8|x 
Fin Zenon Vine Melpe 
ODE) 


Home direktoriji 


+ Opis: dijeljena mrežna mapa za 
spremanje korisničkih podataka 
dodijeljena domenskom korisniku 


+ Cilj: pokazati dodjeljivanje 
funkcionalnosti Home foldera 
pojedinačnom domenskom korisniku 
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Home direktoriji — Share 
dozvole 


e Izrada dijeljene mape Home 
- Authenticated Users — Full Control 


k Home Properties EI Advanced Sharing ei 
General | Sharing | Securty | Previous Versions | Customize | 1 ME Share Pemissions 
Network File and Folder Sharing Settings Group or user names: 
Home Share name: 82, Authenticated Users 
.L Not Shared Homeć 

Network Path: Add Remove 
Not Shared A - — 

SEE Limit the number of simultaneous users to: 16777 

U 
Comments: 
Advanced Sharing Permissions for Authenticated 
Set custom permissions, create multiple shares, and set other _— 
advanced sharing options. Full Control 
i Change 
Advanced Sharing... Permissions Caching Read 
OK Cancel Apply 


OK Cancel Apply 
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Home direktoriji - NTFS dozvole 


+ _NTFS dozvole: 
CREATOR OWNER: Full control — Subfolders and files only 


Authenticated Users: Traverse folder / execute file, List folder / read data, 
Create folders / append data — Subfolders and files only 


SYSTEM: Full control — This folder, subfolders and files 
Administrator: Full control — This folder only 


k Home Properties 


(General | Shang | Secuty |Previcus Verions | 
Kremna, Gli Name C\Home 
Kaobinčtionca Owner: Administrators (WEBINAR\Administrators) WJ) Change 
sm OWNER | Permissions Share Auditing_ | Effective Access | 
peto jahanja For additional information, double-click a permission entry. To modify a permission entry, select the entry and click Edit (if available). 


Permission entries: 


To change pemissions, click Edit. 


Type = Principal Inherited from Applies to 


PESME RE CIJEMOR Se 82, Allow = SYSTEM None This folder, subfolders and files 
82, Allow = CREATOR OWNER Full control None Subfolders and files only 
"ii 2, Allow = Administrator (WEBINAR\Ad... Full control None This folder only 
KR Uttuja 42, Allow = Authenticated Users Special None This folder only 
List folder contents 
Read 
Write 


For special permissions or advanced settings. 
dlick Advanced. 


Add 


Enable inheritance 


(C Replace all child object permission entries with inheritable permission entries from this object 


Home direktoriji - korisnik 


+ "Active Directory Users And Computers" - desni klik na 
korisnika — Properties — Profile - Home folder — Connect - 
napišemo putanje do dijeljene mape u obliku: 


\\server\dijeljenamapa$\%username% 


Active Directory Users and Computers 


Roaming profili 


+e Opis: funkcionalnost koja omogućuje 
automatsko spremanje lokalnih 
korisničkih mapa (My Documents, 
Desktop...) i postavki na udaljenu 
mrežnu lokaciju 


+ Cilj: pokazati dodjeljivanje 
funkcionalnosti Roaming profila 
pojedinačnom domenskom korisniku 
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Roaming profili — Share dozvole 


e Izrada dijeljene mape 
Authenticated Users — Full Control 


|A Roaming Properties ee Advanced Sharing 
General { Sharing | Security | Previous Versions | Customize | (YI Share this folder Share Permissions 
Network File and Folder Sharing Settings Group or user names: 
Roaming Share name: 82, Authenticated Users 
i Not Shared Roaming$ 
Network Path: Add Remove 
Not Shared - — 
Limit the number of simultaneous users to: 
I Comments: 
Advanced Sharing Permissions for Authenticated 
Us 
Set custom pemissions, create multiple shares, and set other = 
advanced sharing options. Full Control 
Change 
1) Advanced Sharing... Permissions Caching Read 
OK Cancel 
Cose ancel App 
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Roaming profili - NTFS dozvole 


e NTFS dozvole: 


CREATOR OWNER: Full control — Subfolders and files only 


Authenticated Users: Traverse folder / execute file, List folder / read data, 
Create folders / append data — Subfolders and files only 


SYSTEM: Full control — This folder, subfolders and files 
Administrator: Full control — This folder only 


k Roaming Properties x 
sma jbao| suv |Fenals|čao 
Name: C.\Roaming 
Object name: C.\Roaming 
Owner: Administrators (WEBINAR\Administrators)  W)) Change 
Group or user names 
| | AZCREATOROWNER Permissions | Share Auditing_— | Effective Access | 
82, SYSTEM 
88, Administrators (NEBINAR\Administrators) Foradditional information, double-click a permission entry. To modify a permission entry, select the entry and click Edit (if available). 
2, Users (WEBINAR\Users) 


Permission entries: 


To change permissions, click Edit. Edt. Type = Principal Access Inherited from Applies to 
Pemissions for CREATOR 2, Allow = SVSTEM Full control None This folder, subfolders and files 
OWNER Allow Deny £2, Allow  CREATOR OWNER Full control None Subfolders and files only 
Ful control a 2 Allow = Administrator (WEBINAR\Ad... — Full control None This folder only 
Modify 42, Allow = Authenticated Users Special None This folder only 
Read 8 execute = 
List folder contents 
Read 
Write v 
Beča spogali posaeoje or advanced settings, ===} 


Add Remove 


Enable inheritance 


Cose 


Replace all child object permission entries with inheritable permission entries from this object 


OK__||_Cancel 


Roaming profili - korisnik 


e "Active Directory Users And Computers" - desni klik 
na korisnika — Properties — Profile — User profile — 
Profile Path 


\\ime_poslužitelja\ime_ dijeljene mape\Ysusername% 


Active Directory Users and Computers 
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Uskoro detaljnije 


e http://sistemac.srce. 
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